unity-scriptableobject
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill definition creates a vulnerability surface for indirect prompt injection by enabling the agent to ingest and process data from external files and JSON strings.
- Ingestion points: The functions scriptableobject_import_json and scriptableobject_get read data from file paths or strings that may be controlled by an external actor.
- Boundary markers: There are no instructions or delimiters defined to help the agent distinguish between data and potential commands within the processed JSON.
- Capability inventory: The skill allows for the creation, modification, and deletion of files on the system (scriptableobject_delete, scriptableobject_create, scriptableobject_export_json), which could be abused if an injection is successful.
- Sanitization: The skill lacks specified validation or sanitization for the inputs provided to the asset management tools.
Audit Metadata